@@ -65,15 +65,17 b' IPython.security = (function (IPython) {' | |||||
65 | // { |
|
65 | // { | |
66 | // src: original_html, |
|
66 | // src: original_html, | |
67 | // sanitized: the_sanitized_html, |
|
67 | // sanitized: the_sanitized_html, | |
68 |
// safe: bool // false if the sanitizer |
|
68 | // _maybe_safe: bool // false if the sanitizer definitely made changes. | |
|
69 | // This is an incomplete indication, | |||
|
70 | // only used to indicate whether further verification is necessary. | |||
69 | // } |
|
71 | // } | |
70 | var result = { |
|
72 | var result = { | |
71 | src : html, |
|
73 | src : html, | |
72 | safe : true |
|
74 | _maybe_safe : true | |
73 | }; |
|
75 | }; | |
74 | var record_messages = function (msg, opts) { |
|
76 | var record_messages = function (msg, opts) { | |
75 | console.log("HTML Sanitizer", msg, opts); |
|
77 | console.log("HTML Sanitizer", msg, opts); | |
76 | result.safe = false; |
|
78 | result._maybe_safe = false; | |
77 | }; |
|
79 | }; | |
78 |
|
80 | |||
79 | var html4 = caja.html4; |
|
81 | var html4 = caja.html4; | |
@@ -106,8 +108,10 b' IPython.security = (function (IPython) {' | |||||
106 |
|
108 | |||
107 | // caja can strip whole elements without logging, |
|
109 | // caja can strip whole elements without logging, | |
108 | // so double-check that node structure didn't change |
|
110 | // so double-check that node structure didn't change | |
109 | if (result.safe) { |
|
111 | if (result._maybe_safe) { | |
110 | result.safe = cmp_tree($(result.sanitized), $(html)); |
|
112 | result.safe = cmp_tree($(result.sanitized), $(html)); | |
|
113 | } else { | |||
|
114 | result.safe = false; | |||
111 | } |
|
115 | } | |
112 | return result.safe; |
|
116 | return result.safe; | |
113 | }; |
|
117 | }; |
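Review bot: On the unchanged line `result.safe = cmp_tree($(result.sanitized), $(html));` in the second hunk, `$(html)` builds DOM nodes from the original, unsanitized markup just to compare structure, and this commit keeps that path for every input the sanitizer did not flag. If `$` is jQuery, as it appears to be, building those nodes against the live document can start resource loads and run inline event handlers before `cmp_tree` returns, so the safety check itself evaluates untrusted markup. Consider parsing both strings in an inert document where the bundled jQuery provides `$.parseHTML`, e.g. `var doc = document.implementation.createHTMLDocument('');` followed by `cmp_tree($($.parseHTML(result.sanitized, doc)), $($.parseHTML(html, doc)))`. Separately, the result-shape comment in the first hunk no longer lists `safe`, which is still set and returned here; a line such as `//   safe: bool // final verdict, set after the tree comparison` would keep it accurate. The enclosing function starts before the first hunk, so how `result.sanitized` is produced is not visible.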